Public Key Cryptography and GnuPG CPT 555 Network Security.


1 Public Key Cryptography and GnuPG CPT 555 Network Security

2 Class Objectives
Students will be able to understand the importance of Public Key Cryptography.
Students will implement GPG.
Students will be able to:
–Create keypair
–Import and export public keys
–Revoke keys
–Encrypt keys
–Decrypt keys
–Sign keys

3 Using GnuPG (gpg)
Objectives:
Key management
–Create a keypair
–Import and export public keys
–Revoke a keypair
Encryption and decryption
Signing and authentication

4 Preparing to Create a Keypair
Choose a good passphrase
–long
–hard to guess
–contains special characters
Choose an algorithm
–DSA/ElGamal (recommended)
–RSA
Choose a key length
–use the largest practical length
–I recommend 2048 bytes

5 Creating the Keypair
Create the keypair
    gpg --gen-key
Create the revocation certificate
    gpg --gen-revoke uid
Store hard copies of the keypair and certificate in a safe place

6 Exporting Your Public Key
Export the key
    gpg --export uid > pubkey.gpg
Creates a binary file
Use --armor to create a text-encoded file
    gpg --armor --export uid > pubkey.asc
Note: uid is any part of the user name or the key ID (last 4 bytes of the fingerprint). See below.

7 Publishing Your Key
Reminder: Never publish your secret key
Be sure your exported public key is correct and you have a revocation certificate!
Put it on your web site, a floppy disk, a USB memory key, etc.
Put the fingerprint in your e-mail signature, on your business cards, etc.
Send your public key to a public key server
    gpg --send-key uid

8 Getting Public Keys
Through a secure, out-of-band channel, get your correspondent’s fingerprint
Usually, the last four bytes of the fingerprint are the key ID
Get the key from your correspondent’s web site, floppy disk, key server

9 Importing Public Keys
Check the fingerprint (use check command)
    1F13 06BC EDB1 4BD1 4952 51BC F203 3CF8 CAF9 A5E1
Import the key
–from a key server
    gpg --recv-keys 0xCAF9A5E1
–from a file (puts the key on your keyring?)
    gpg --import pubkey.asc
Confirm the fingerprint (that key is correct)
    gpg --fingerprint username
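The fingerprint check from slides 8 and 9, as an added example that is not part of the original slides: it compares the fingerprint received out of band with the one gpg reports, and refuses a key when only the key ID (last four bytes) matches. The function names and the two sample listings are assumptions constructed for illustration; real input would come from `gpg --with-colons --fingerprint uid`, and 40-hex-digit (version 4) fingerprints are assumed.

```shell
#!/bin/sh
# Added example, not from the slides. The listings are constructed samples of
# `gpg --with-colons --fingerprint uid` output; function names are hypothetical.

# Canonical form: spaces and colons removed, hex upper-cased.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Key ID as the slides define it: last 4 bytes (8 hex digits) of the fingerprint.
short_keyid() {
  normalize_fpr "$1" | tail -c 8
}

# Read colon-format output on stdin and print the primary key's fingerprint,
# which is field 10 of the first "fpr" record.
primary_fpr() {
  awk -F: '$1 == "fpr" { print $10; exit }'
}

# verify_key EXPECTED_FPR < listing
# Status: 0 full fingerprint matches, 1 mismatch, 2 only the key ID matches,
# 3 EXPECTED_FPR is not a 40-hex-digit (version 4) fingerprint.
verify_key() {
  vk_expected=$(normalize_fpr "$1")
  vk_actual=$(normalize_fpr "$(primary_fpr)")
  case $vk_expected in ''|*[!0-9A-F]*) return 3 ;; esac
  [ "${#vk_expected}" -eq 40 ] || return 3
  [ "$vk_actual" = "$vk_expected" ] && return 0
  [ "$(short_keyid "$vk_actual")" = "$(short_keyid "$vk_expected")" ] && return 2
  return 1
}

# Fingerprint obtained out of band (the one shown on slide 9).
EXPECTED='1F13 06BC EDB1 4BD1 4952 51BC F203 3CF8 CAF9 A5E1'

# Constructed: the genuine key, then a different key whose last 8 hex digits match.
GOOD_LISTING='pub:-:1024:17:F2033CF8CAF9A5E1:1100000000:::-:::scESC:
fpr:::::::::1F1306BCEDB14BD1495251BCF2033CF8CAF9A5E1:'
LOOKALIKE_LISTING='pub:-:1024:17:DDDD3333CAF9A5E1:1100000000:::-:::scESC:
fpr:::::::::AAAA0000BBBB1111CCCC2222DDDD3333CAF9A5E1:'

for listing in "$GOOD_LISTING" "$LOOKALIKE_LISTING"; do
  rc=0
  printf '%s\n' "$listing" | verify_key "$EXPECTED" || rc=$?
  echo "fingerprint $(printf '%s\n' "$listing" | primary_fpr): status $rc"
done
```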

10 Your Keyring
Holds your public keys and imported public keys
List all keys in your keyring
    gpg --list-keys
With signatures
    gpg --list-sigs
Delete a key (on your key ring?)
    gpg --delete-key uid

11 Signing Keys
Only sign a key if you know it’s authentic
–received through a secure channel
–checked credentials of sender
–checked fingerprint
To sign a key, you must edit it
    gpg --edit-key uid
Interactive mode
Use the sign command
Export the key so its owner can re-import it, complete with signature

12 Assigning Ownertrust
How well do you trust the key’s owner to correctly verify keys?
Assign ownertrust with the trust command
1. Don’t know
2. Do not trust
3. Trust marginally
4. Trust fully
5. Trust ultimately

13 Encrypting Messages
Make sure you have all recipients’ keys
    gpg --recipient user1 --recipient user2... --encrypt filename
Creates a binary file, filename.gpg
Use --armor to produce a text-encoded file, filename.asc
Include yourself as a recipient with --encrypt-to uid

14 Signing Messages
Sign with your private key:
    gpg --sign filename
Creates a binary file, filename.gpg
Use --clearsign instead of --sign to leave the message in plain text, surrounded by a text-encoded signature (filename.asc)
Will prompt for passphrase (enter it securely!)

15 Signing and Encrypting
Always do both (sign first, then encrypt)
Just combine the commands to sign and encrypt in one step
    gpg --armor --recipient user1 --recipient user2... --encrypt --sign filename
Will prompt for passphrase (enter it securely!)

16 Decrypting and Authenticating
Decrypting is GnuPG’s default behavior:
    gpg filename.gpg
    gpg filename.asc
Either will produce filename
Use --verify to verify the signature, thus authenticating the sender

17 References and Good Sites
GPG Home
Mini How-to
The Diceware Passphrase Home Page
Modular Arithmetic

